Headline
CVE-2022-35846: Fortiguard
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.
** PSIRT Advisories**
FortiTester - Missing account lockout on telnet port
Summary
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.
Affected Products
FortiTester version 7.1.0 through 7.1.1
FortiTester version 7.0.0
FortiTester version 4.2.0 through 4.2.1
FortiTester version 4.1.0 through 4.1.1
FortiTester version 4.0.0
FortiTester version 3.9.0 through 3.9.2
FortiTester version 3.8.0
FortiTester version 3.7.0 through 3.7.1
FortiTester version 3.6.0
FortiTester version 3.5.0 through 3.5.1
FortiTester version 3.4.0
FortiTester version 3.3.0 through 3.3.1
FortiTester version 3.2.0
FortiTester version 3.1.0
FortiTester version 3.0.0
FortiTester version 2.9.0
FortiTester version 2.8.0
FortiTester version 2.7.0
FortiTester version 2.6.0
FortiTester version 2.5.0
FortiTester version 2.4.0 through 2.4.1
FortiTester version 2.3.0
Solutions
Please upgrade to FortiTester version 7.2.0 or above
Please upgrade to FortiTester version 7.1.1 or above
Please upgrade to FortiTester version 4.2.1 or above
Please upgrade to FortiTester version 3.9.2 or above
Acknowledgement
Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.